I am working with the WSO2 4.9.0 version behind a proxy and I have some troubles... For example, when I try my Web service with the option 'Try it' I have this message :
Private proxy protocol will be attempted as cross-domain browser
restrictions might be enforced for this endpoint
I have tried almost everything to soluce this problem but it is still there.
I have added the options -Dhttp.proxyHost=xxxx -Dhttp.proxyPort=xxxx in the wso2server.bat and I have added some parameters in the axis2.ml (in 3 transportSender : HttpCoreNIOSender / PassThroughHttpSender and PassThroughHttpSSLSender ) :
<parameter name="http.proxyHost" locked="false">xxxx</parameter>
<parameter name="http.proxyPort" locked="false">xxxx</parameter>
Is there any other file to modify to fix this issue ?
Thank you all.
Ahhouais
Related
I have a simple MVC web application where javascript code sends ajax requests to the controller and the controller sends back responses.
I built the app 2 years ago and everything used to work fine. Now I tried to run the app again locally and met with the following problem:
whenever an Ajax request is sent from the frontend to the controller (running on localhost), the localhost refuses to connect and I get an ERR_CONNECTION_REFUSED message in (chrome's) javascript-console. (In Safari's javascript-console I get the following error message: "Failed to load resource: Could not connect to the server.")
I'm running the app using NetBeans 11.2. My NetBeans IDE uses GlassFish as server:
I removed the Glassfish server from NetBeans IDE, deleted its folder in my home directory and then added the Glassfish server again in my NetBeans IDE (which also entailed downloading the the newest version of the Glassfish server).
Still, the server refuses to accept any requests from the frontend.
I also tried using Payara Server (version 5.193). That didn't make a difference either.
The frontend itself looks fine at first glance by the way. That is, going to http://localhost:8080/myapp loads the frontend of the app. However, any dynamic features of the app don't work because the server refuses to accept any Ajax requests coming from the frontend (and initiated through mouse clicks).
How can I fix this?
I think I found the reason for the problem:
In my javascript-file I have the following line of code:
var url = "http://localhost:8080/myapp/Controller";
The variable "url" is passed to all the AJAX requests sent to localhost.
But here is the crazy thing: the AJAX requests are not sent to "http://localhost:8080/myapp/Controller" but to "http://localhost:8081/myapp/Controller" !!!!!
What the hell is going on here?!
Did you use port 8081 before and then changed the variable "url" to the new port 8080? In this case, maybe the variable is still set to the old value in the cache. Restart your computer and see whether this fixes the problem.
If the value of the attribute http-listener is localhost, it will refuse the connection external connection.
You can verify using its value using the command
asadmin> get server-config.network-config.network-listeners.network-listener.http-listener-1.*
Information similar to the following should returned:
server.http-service.http-listener.http-listener-1.acceptor-threads = 1
server.http-service.http-listener.http-listener-1.address = 0.0.0.0
server.http-service.http-listener.http-listener-1.blocking-enabled = false
server.http-service.http-listener.http-listener-1.default-virtual-server = server
server.http-service.http-listener.http-listener-1.enabled = true
server.http-service.http-listener.http-listener-1.external-port =
server.http-service.http-listener.http-listener-1.family = inet
server.http-service.http-listener.http-listener-1.id = http-listener-1
server.http-service.http-listener.http-listener-1.port = 8080
server.http-service.http-listener.http-listener-1.redirect-port =
server.http-service.http-listener.http-listener-1.security-enabled = false
server.http-service.http-listener.http-listener-1.server-name =
server.http-service.http-listener.http-listener-1.xpowered-by = true
Modify an attribute by using the set subcommand.
This example sets the address attribute of http-listener-1 to 0.0.0.0:
asadmin> set server.http-service.http-listener.http-listener-1.address = 0.0.0.0
Reference:
https://docs.oracle.com/cd/E19798-01/821-1751/ablaq/index.html
I have to refresh an old webapp and i'm facing a problem i can't find...
Old situation :
webapp (Java6, wicket) on Weblogic 10.3, external access via URL rewrite by IIS
everything OK
New situation :
refreshed webapp on WL 12.2, IIS unchanged.
Results : Inside URLs : everything OK
Outside URLs : HTTP 200 OK, but all pages HTTP 302 (redirections) fails
browser receive 503 (unavailable) after a while.
I looked at the logs :
WL12 : process OK, response 302 found, location:inside URL
IIS : found code 400
I looked at [Oracle docs][1], i saw that they added CSRF protection, i believed it could be that, i disabled it, but nothing changed.
Any idea ?
Thanks in advance.
[1]: https://docs.oracle.com/middleware/12213/wls/WBAPP/weblogic_xml.htm#WBAPP-GUID-E3A9B2FC-E098-43B1-ACFF-4A457D6062DE search for "referer-validation"
Forget that.
The WL12 was installed on an "end of life" server running HP Unix.
I deployed the same app on WL12 on redhat, it worked as intended.
I'm building a proxy using Apigee that transmits sensitive data. I need to ensure that clients of this API use HTTPS.
I've coded a Raise Fault policy that does something like this
proxies/default.xml
<PreFlow name="PreFlow">
<Request>
<Step>
<FaultRules/>
<Name>Require-HTTPS</Name>
<Condition>request.scheme != "https"</Condition>
</Step>
</Request>
<Response/>
</PreFlow>
policies/Require-HTTPS.xml
<RaiseFault async="false" continueOnError="false" enabled="true" name="Require-HTTPS">
<DisplayName>Require-HTTPS</DisplayName>
<FaultRules/>
<Properties/>
<FaultResponse>
<Set>
<Headers/>
<Payload contentType="application/json">\{
"status" : 400,
"message" : "Sensitive transactions may only be executed over HTTPS",
}
</Payload>
<StatusCode>400</StatusCode>
<ReasonPhrase>Requires HTTPS</ReasonPhrase>
</Set>
</FaultResponse>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
The problem is, the fault is always raised, whether I use HTTP or HTTPS to access.
I can see in the debugging console that the condition in proxies.xml always resolves to true, whether I use HTTP or HTTPS to access the API. In fact, the request.scheme always seems to be HTTP.
However, I do see the following header using HTTPS access that's not present using HTTP
X-Forwarded-Proto : https
Can I depend on this header to enforce HTTPS only access to my API? Or is there some other recommended way to do this?
You might try detecting the virtual host rather than the scheme by using the virtualhost.name variable (default or secure).
However, I suggest you create a two proxies -- one for https and one for http. This will remove the possibility of a consumer slipping past your conditional roadblock. Click on the word "default" under Proxy to edit the entire proxy file and scroll down to the HTTPProxyConnection
<HTTPProxyConnection>
<BasePath>/testme</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
Just remove the VirtualHost for default and the consumer will no longer be able to connect using https. I beleive you can then create a second API with the same path, only then remove "secure" and create a RasieFault without a condition. Worst case, you can rely on the Apigee error if you just disable default in your API.
I wish to change my URL of proxy service due enhanced application.
Previously my URL like differet than ESB default endpoint.
Now proxy providing this URL.
http://soccerhome:8280/services/Customer_Proxy
Where as my existing applications are running on some other endpoint's
like
http://soccerhome:8280/Customer_Proxy
So they can't able to change there endpoint how would i remove the service part in above URL any way to do that.
Thanks in advance.
Just provide a Service URL in your_proxy.
<parameter name="ServiceURI">Customer_Proxy</parameter>
Then You will get Your desire URL.
Change parameter servicePath in repository/conf/axis2/axis2.xml
Edit the repository/conf/axis2/axis2.xml in dispatcher phase :
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
to add the following handle.
<handler name="CustomURIBasedDispatcher"
class="org.apache.synapse.core.axis2.CustomURIBasedDispatcher"/>
Now if you go ahead to edit the proxy service, you can add a service parameter as,
serviceURI = Customer_Proxy
This will provide your desired URL.
you should change axis2.xml file in repository/conf/axis2/axis2.xml or create your service in proxy url
<parameter name="URL OF Service">CustomProxy</parameter>
For my Java EE web application I have a problem. I need to redirect a page A to another page B, using Spring controller I write:
Page A is for my browser (in http):
http://MYPUBLICSERVERNAME/MYCONTEXT/A.do :
In A which is a Spring controller has the following code for redirection:
#RequestMapping(method = RequestMethod.GET, value = "/A.do")
public String searchProfiles(){
....
return "redirect:/B.html";
}
It works perfectly in http.
so I go to B :
http://MYPUBLICSERVERNAME/MYCONTEXT/B.html
The problem comes with HTTPS because with HTTPS a reverse proxy intercept the request :
This proxy is on the same machine and I get :
impossible to connect because when i go to :
httpS://MYPUBLICSERVERNAME/MYCONTEXT/A.do
i expected to be redirected to :
httpS://MYPUBLICSERVERNAME/MYCONTEXT/B.html
Instead the browser is redirected to
http://localhost/MYCONTEXT/B.html
I understand that for the server the client is the reverse proxy not of course the browser.
So my question is : how can the servlet get the original server name i mean the server name indicated in the web browser (MYPUBLICSERVERNAME) and the protocol (HTTPS if HTTPS).
The workaround i think is using a cookie feeded by the browser, because the browser only know MYPUBLICSERVERNAME but maybe more elegant solution exist ?
Of course if I know a spring function that can magically redirect with expected protocol and server name it's ok too but i didn't find it.
Thanks for your answer
you can use the redirect with the whole path and protocol
return "redirect:https://MYPUBLICSERVERNAME/MYCONTEXT/B.html"
I am not sure if you can use refferer header in request (does proxy change the refferer ?)
String referrer = request.getHeader("referer");